Over the past year, there have been thousands of high-profile hacking attacks against important websites, including those of the FBI, the CIA, the Department of Homeland Security, the White House, the Justice Department, and other government websites, and banks throughout the world.[1]

Tens of thousands of other Western websites have also been hacked, some by Muslim "hacktivists" acting on fatwas sanctioning their activities; some of these fatwas were issued by leading mainstream Muslim scholars. Jihadi groups have also used such religious justification for hacking attacks, some of which caused major damage and financial loss online.

Already this year, on January 7, 2013, police in Thailand arrested an Algerian cyber-crime suspect sought by the FBI for allegedly stealing millions of dollars by hacking banks' websites.[2] The suspect, Hamza Bendelladj, was arrested while en route from Malaysia to Egypt. U.S. authorities believe that he hacked private accounts in more than 217 banks and financial companies worldwide, causing about $10 million in losses per transaction. According to reports, he was associated with several hacking groups, possibly the Izz Eddin Al Qassam Cyber Fighters.

Also, on January 2, 2013, several American websites were hacked by one Abu Ubayda Al-Masri ("Abu Ubayda the Egyptian"). The message he left on the websites, which appear to have been chosen at random, stated that the attack marked the anniversary of the December 30, 2009 suicide bombing by Humam Al-Balawi, aka Abu Dujana Al-Khurasani, against CIA and Jordanian intelligence personnel near Khost, Afghanistan.[3]

A Website Hacked By Al-Masri

Al-Masri's actions were praised on leading jihadi forums. In a post on the Ansar Al-Mujahideen Arabic Forum (AMAF), one Abu Jafar welcomed the attacks against the "American Crusader" websites. He also offered his services to jihadi forum members, saying that he was willing to start a workshop on "device hacking, encryption, and [computer] programming."[4]

Hacking is part of the larger cyber security threats challenging Western capitals. This debate over how to counter this threat should, but does not currently include the issue of online jihad and terrorists' use of the Internet.

Jihadi Hacking Fatwas And Attacks Ongoing For Past Decade

Hacking episodes such as those by Bendelladj and Al-Masri have been going on for a decade (see MEMRI's groundbreaking study by Dr. Eli Alshech, Cyberspace as a Combat Zone: The Phenomenon of Electronic Jihad, February 27, 2007).[5] One of the earliest such episodes occurred just days before 9/11. On September 5, 2001, the Saudi newspaper Al-Riyadh published an interview with the Saudi hacker "Robin Hood," aka Abu Walid.[6] In the interview, the 23-year-old hacker spoke of his "hobby" of targeting websites, both in the Arab world and the West, in order to expose their vulnerabilities; regarding American and Jewish websites; he said that his aim was to cause them maximum damage.

Abu Walid also said that he had targeted a number of American websites, such as those of the FBI and the Environmental Protection Agency (EPA), as well as a Department of Defense network center, from which he claimed to have obtained military data. He claimed that he had also hacked websites in the Arab world, including those of several Arab banks and a number of Saudi and Gulf-state government ministries, and a large number of public forums.

Abu Walid told Al-Riyadh that his most famous cyber attack targeted the website of Israel's Knesset. He also mentioned that he had conducted attacks against a number of Israeli Internet Provider Service websites, the Nuclear Research Center Negev website, and the websites of several Israeli banks. Abu Walid said that he had hacked at least 1,000 Jewish websites, noting that this large number was the result of his practice of targeting host servers, not individual websites.

Hacking Deemed Permissible By Top Muslim Religious Authorities

Thirteen years ago, online activists began asking their spiritual leaders for permission to wage cyber-jihad. Since that time, multiple fatwas have been issued permitting it – complete with religious justifications, including Koran verses and quoting Hadiths. From that time forward, the issue of permitting cyber-jihad has been a frequent topic of discussion on Arab television programs, as cited in this report; groups for it have been established, and it has been promoted and propagated in numerous other ways as well.

Since 2000, cyber-jihad has been repeatedly declared against the U.S., Israel, and other Western countries. The thousands of hacking attacks and attempted attacks on the websites of Western government and military bodies and many other Western websites since then are directly connected to those declarations.

Even though some of these fatwas have been identified through MEMRI research, the scope and depth of the phenomenon have nevertheless gone virtually unnoticed by the West.